One security control in particular was found to have the greatest ability to decrease cyberattacks.
5/2/2023 1:30 P.M.
If you have difficulty deciding how to effectively direct cybersecurity investments, you are not alone. Many organizations are unsure which controls to adopt, so they often use expert opinions rather than data to make decisions. This Using Data to Prioritize Cybersecurity Investments report directly links key cybersecurity controls commonly required by cyber insurers to a reduced chance of a cyber incident.
Automated hardening techniques were found, by a wide margin, to have the greatest ability of any control studied to decrease the likelihood of a successful cyberattack. Automated hardening techniques refer to the use of software tools and scripts to configure and secure computer systems, applications, and networks automatically. Common ones include vulnerability scanning, firewall configuration, password management, etc. Organizations with such techniques in place, which apply baseline security configurations to system components like servers and operating systems, are nearly six times less likely to have a cyber incident than those that do not.
The other top four controls determined most effective are privileged access management, endpoint detection and response, logging and monitoring, and patched systems.
The analysis also shows that MFA, one of the requirements of the FTC’s Safeguards Rule, only works when it is in place for all critical and sensitive data, for all remote login access, and for administrator account access. Organizations with such broad implementation are 1.4 times less likely to experience a successful cyberattack than those that do not have broad implementation.
If you need help with these or cybersecurity in general, reach out to our partner, TPx at tpx.com/aca.